In a networking environment, it is often the case that users interact with local application programs. The local application programs may exchange data with remote application programs on behalf of the users. When the remote application program controls resources of value, it most likely will require a user name (or userid) and password for verification and access control. Userids are considered, in most cases, to be public information, but passwords are considered to be private or secret. The local application program sends the userid and password combination to the remote application program over a network.
It is also very common for a server in a network of resources to be used to provide controlled access to the network or to applications residing within the network.
Accordingly a server manages the resources and data for which it is responsible and facilitates access to the resources and data by networked machines which logged onto the network by way of credentials.
It is also common in the art for one or more network servers to be responsible for administering and limiting network access to clients for which valid account credentials have been provided during a network logon procedure. In this respect, the network server maintains a security database including account identification corresponding to users and services authorized to access the network and the protected network resources for which the network server enforces limited access.
It is sometimes necessary for the user to change his password to a new password. When the user wants to change the password, he submits his userid, old password and a new password to the local application program. The local application program then sends the userid, old password and new password combination to the remote application program over the network. When the network is not secure or is untrusted, the users"" presumably secret passwords are susceptible to exposure and monitoring by unauthorized parties if the information is sent in the clear (i.e. not encrypted or protected in some other manner). These outside parties could then replay the new password at some time in the future and gain access to the xe2x80x9cprotectedxe2x80x9d resources. To protect the passwords while traveling over public networks, some systems encrypt the passwords with symmetric-key crypto-systems (such as DES, RC5, etc.) or public-key cryptosystems (such as RSA, Elliptic curve, etc.). Encrypting the passwords in this way imposes additional overhead on the local and remote application programs. In addition to having to implement symmetric-key and/or public key crypto systems, they have to have either pre-established shared secret keys or to have a public-key infrastructure in place.
In the art of password security for logging onto a network, various distinct one-way hash functions are used on passwords to protect the secrecy of the passwords when they are transmitted on a non-secure network or transmission medium. Hash functions take an input string (the password) and convert it into an output string from which the input string cannot be determined (at least from a practical perspective the input string cannot be determined). These one-way hash functions are well suited for applications in which the receiving party does not need to know the input string corresponding to an output string in a received message. In this instance, when the user logs on to a network, the user""s password is not sent across the network, only the hash of their password is sent, but this has not proven effective for the changing of passwords to the present time.
Encryption schemes have been incorporated into password change protocols to enable secure changing of a password stored at a remote computer. Under such schemes, the sender and receiver of the encrypted password change messages respectively know the operative encryption and decryption schemes. The sender encrypts the messages by applying an encryption scheme utilizing a key to the messages to be sent. The receiver decrypts the messages using a corresponding decryption scheme and corresponding key known by the receiver.
A method of changing passwords by a client was also described by Microsoft Corporation in their patent U.S. Pat. No. 5,719,941 filed Jan. 12, 1996. In that patent, Microsoft describes a method of changing passwords wherein the client computes a first message (M1) by encrypting at least a new clear text password using a one-way hash function of the old password as the encryption key. A second message (M2) is computed by the client by encrypting at least the one-way hash of the old password with a one-way hash of the new password (as the encryption key). The client then transmits the first and second messages (M1 and M2) to the server. After receiving the first message, the server computes a decrypted first message, including at least the new clear text password by decrypting the received first message using a copy of the one-way hash of the old password previously stored by the server as the decryption key. In this way, the new clear text password is obtained. While initially this seems to be an effective means of password changing, it is still open for replay or delay attacks by the unwanted intermediary. The intermediary could intercept the transaction and replay it at a later date.
The present invention presents a method for changing the password to a new password without requiring the use of a symmetric-key or public-key cryptosystem. It does not require a pre-established shared secret key or a public-key infrastructure. It only requires a collision-resistant hash function such as SHA-1 and ensures freshness (hence guarding against intercept and replay attacks) by incorporating random challenges.
The present invention presents a secure method for changing a password to a new password when the passwords are being transmitted over untrusted networks. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.). The present invention only requires the use of a collision-resistant hash function.